#VU17181 Out-of-bounds write in NTPsec - CVE-2019-6442

 


Published: January 24, 2019 / Updated: June 17, 2021


Vulnerability identifier: #VU17181
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2019-6442
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
NTPsec
Software vendor:
The NTPsec project

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists because the affected software allows one byte to be written out of bounds in the ntpd daemon, related to the config_remotely function in the ntp_config.c source code file, the yyparse function in the ntp_parser.tab.c source code file, and the yyerror function in the ntp_parser.y source code file. A remote attacker can send a configuration request that submits malicious input, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 1.1.3.

External links